On 08/25/2016 03:10 PM, Mark Reynolds wrote:
>
>
> On 08/25/2016 02:04 PM, Ian Harding wrote:
>>
>> On 08/25/2016 10:41 AM, Rob Crittenden wrote:
>>> Ian Harding wrote:
>>>>
>>>> On 08/24/2016 06:33 PM, Rob Crittenden wrote:
>>>>> Ian Harding wrote:
>>>>>> I tried to simply uninstall and reinstall freeipa-dal and this
>>>>>> happened.
>>>>>>
>>>>>> It only had a replication agreement with freeipa-sea
>>>>>>
>>>>>> [root@freeipa-dal ianh]# ipa-server-install --uninstall
>>>>>>
>>>>>> This is a NON REVERSIBLE operation and will delete all data and
>>>>>> configuration!
>>>>>>
>>>>>> Are you sure you want to continue with the uninstall procedure?
>>>>>> [no]: yes
>>>>>> Shutting down all IPA services
>>>>>> Removing IPA client configuration
>>>>>> Unconfiguring ntpd
>>>>>> Configuring certmonger to stop tracking system certificates for KRA
>>>>>> Configuring certmonger to stop tracking system certificates for CA
>>>>>> Unconfiguring CA
>>>>>> Unconfiguring named
>>>>>> Unconfiguring ipa-dnskeysyncd
>>>>>> Unconfiguring web server
>>>>>> Unconfiguring krb5kdc
>>>>>> Unconfiguring kadmin
>>>>>> Unconfiguring directory server
>>>>>> Unconfiguring ipa_memcached
>>>>>> Unconfiguring ipa-otpd
>>>>>> [root@freeipa-dal ianh]# ipa-server-install --uninstall
>>>>>>
>>>>>> This is a NON REVERSIBLE operation and will delete all data and
>>>>>> configuration!
>>>>>>
>>>>>> Are you sure you want to continue with the uninstall procedure?
>>>>>> [no]: yes
>>>>>>
>>>>>> WARNING: Failed to connect to Directory Server to find information
>>>>>> about
>>>>>> replication agreements. Uninstallation will continue despite the
>>>>>> possible
>>>>>> existing replication agreements.
>>>>>> Shutting down all IPA services
>>>>>> Removing IPA client configuration
>>>>>> Configuring certmonger to stop tracking system certificates for KRA
>>>>>> Configuring certmonger to stop tracking system certificates for CA
>>>>>> [root@freeipa-dal ianh]# ipa-replica-install --setup-ca --setup-dns
>>>>>> --no-forwarders /var/lib/ipa/replica-info-freeipa-dal.bpt.rocks.gpg
>>>>>> Directory Manager (existing master) password:
>>>>>>
>>>>>> The host freeipa-dal.bpt.rocks already exists on the master server.
>>>>>> You should remove it before proceeding:
>>>>>> % ipa host-del freeipa-dal.bpt.rocks
>>>>>> [root@freeipa-dal ianh]#
>>>>>>
>>>>>> So I tried to delete it again with --force
>>>>>>
>>>>>> [root@freeipa-sea ianh]# ipa-replica-manage --force del
>>>>>> freeipa-dal.bpt.rocks
>>>>>> Directory Manager password:
>>>>>>
>>>>>> 'freeipa-sea.bpt.rocks' has no replication agreement for
>>>>>> 'freeipa-dal.bpt.rocks'
>>>>>> [root@freeipa-sea ianh]#
>>>>>>
>>>>>> Can't delete it from the master server either
>>>>>>
>>>>>> [root@seattlenfs ianh]# ipa host-del freeipa-dal.bpt.rocks
>>>>>> ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or
>>>>>> disabled
>>>>>>
>>>>>>
>>>>>> Now what? I'm running out of things that work.
>>>>> Not sure what version of IPA you have but try:
>>>>>
>>>>> # ipa-replica-manage --force --cleanup delete freeipa-dal.bpt.rocks
>>>>>
>>>>> If this had a CA on it then you'll want to ensure that any replication
>>>>> agreements it had have been removed as well.
>>>>>
>>>>> rob
>>>>>
>>>> It turns out I'm not smart enough to untangle this mess.
>>>>
>>>> Is there any way to kind of start over? I managed to delete and
>>>> recreate a couple replicas but the problems (obsolete ruv as far as I
>>>> can tell) carry on with the new replicas. They won't even replicate
>>>> back to the master they were created from.
>>> Once you have the right version of 389-ds then the cleanruv tasks work
>>> a lot better. What version are you running now?
>> 1.3.4.0.
> Ian,
>
> Can you provide the exact version please? rpm -qa | grep 389-ds-base
>
> Thanks,
> Mark

Sorry about the delay..
[root@freeipa-sea ianh]# rpm -qa | grep 389-ds-base
389-ds-base-libs-1.3.4.0-33.el7_2.x86_64
389-ds-base-1.3.4.0-33.el7_2.x86_64
>> It's handcuffed to my CentOS 7 so I don't want to update it
>> outside the CentOS ecosystem. What's the downside of upgrading it from
>> source or an RPM for a different flavor of Red Hat derived Linux?
>>
>> I'm a one-man band but I'd be interested in hearing a pitch from someone
>> who is super smart on this stuff for a working consulting gig and maybe
>> ongoing support. Who would I talk to at Red Hat about coming in from the
>> cold for full-on corporate support?
>>
>> Thanks!
>>
>>>> Basically, is there a way to do a fresh install of FreeIPA server, and
>>>> do a dump/restore of data from my existing messed up install?
>>> Not really, no. You can migrate IPA to IPA but only users and groups and
>>> you lose private groups for existing users (they become regular POSIX
>>> groups).
>>>
>>> rob
>>>
>
--
Ian Harding
IT Director
Brown Paper Tickets
1-800-838-3006 ext 7186
http://www.brownpapertickets.com